Issue #3521

Dual Stack VTI IPsec Setup Issues

Added by Christian Shaheen 2 months ago. Updated about 2 months ago.

Status: Feedback
Priority: Normal
Assignee: -
Category: -
Affected version: 5.8.4
Resolution:

Description

Hello! I'm new to strongSwan but not IPsec tunnels. I am looking to set up a VTI between pfSense and an Ubuntu 20 server to run OSPFv2 and v3 on (dual stack). I've got the tunnel up and OSPFv2 running just fine, but I'm having an issue with the v6 side of the tunnel in that no v6 traffic will pass. I set up OSPFv3 and I can see hello messages making it from pfSense to Ubuntu with tcpdump and I can see Ubuntu responding, but it's not making it back to pfSense. I also tried setting up static routes on either side of the tunnel with similar success. Thanks in advance!

ipsec.conf

conn pfVltrA
    keyexchange=ikev2
    authby=secret
    leftupdown="/var/lib/strongswan/ipsec-vti.sh 0 192.168.255.233/30 192.168.255.234/30" 
    left=x.x.x.x
    leftid=x.x.x.x
    leftsubnet=0.0.0.0/0,::/0
    right=y.y.y.y
    rightid=y.y.y.y
    rightsubnet=0.0.0.0/0,::/0
    auto=start
    mark=32
    dpdaction=restart
    ike=aes128-sha256-modp2048
    esp=aes128-sha256-modp2048

History

#1 Updated by Tobias Brunner about 2 months ago

  • Status changed from New to Feedback

There is not enough information to help you (no logs, no clue what ipsec-vti.sh does etc.).
